CryptoAPI and 5 bytes exponent public keys

Hi all,

One customer of mine wanted to import a public key he got from a partner. That public key had a 2048 bits modulus and a 5 bytes exponent.

The problem was that CryptoAPI's RSAPUBKEY structure doesn't allow a 5 bytes exponent because it defines the public exponent with a DWORD (4 bytes max):

typedef struct _RSAPUBKEY {
DWORD magic ;
DWORD bitlen ;
DWORD pubexp ;
} RSAPUBKEY;

 

CryptoAPI only supports 4 byte exponents with MS CSPs (Cryptographic Service Providers). CNG overcomes this limitation on Vista and later:

Key Storage and Retrieval
"
CNG is more flexible with regard to RSA key pairs. For example, CNG supports public exponents larger than 32-bits in length, and it supports keys in which p and q are different lengths.
"

Please, note that the restriction of 4 byte exponents are for MS CSPs only. CryptoAPI should be able to work with 5 byte exponents if using a third-party CSP.

Regards,

 

Alex (Alejandro Campos Magencio)